Hackers Target Thanksgiving Day Search Terms: Report

Security researcher CyberDefender is warning that attackers are targeting users searching online for Thanksgiving Day invitations.

Expanding their focus from Black Friday and Cyber Monday deals,
cyber-criminals are also targeting invitations to Thanksgiving dinner, security
researchers warned Nov. 24.
Users searching for Thanksgiving Day invitations online may encounter
dangerous malware, according to a security alert posted by CyberDefender
Research Labs. The researchers found a "high concentration" of
fake antivirus products that can steal data from infected computers.

"Each year, more holiday planning and ideas are available online, and
cyber-criminals are taking advantage of the opportunity," the researchers
wrote.

Keyword combinations included "Thanksgiving Lunch Invitations,"
"Thanksgiving Invitation Template" and "Thanksgiving Printable
Invitations." Out of 50 search results for each of the three phrases,
nearly 20 directed users to infected URLs, according to the alert.
If users click on the link, they are shown a scam page that claims their
computer is infected with malware and should download the tool to clean up the
infection.
"Today, the scale of the problem is massive; not only has the quantity
of threats dramatically increased, but the sophistication of the malware has
grown as well," said Achal Khetarpal, director of CyberDefender Research
Labs.
Security researchers found Smart Engine, a variant of the Virus Doctor
family, as one of the fake software being downloaded. This Trojan attempts to
prevent genuine antivirus programs from running, and users are unable to
quarantine and remove the malware from the machine.
"Online tools such as printable invitations often require downloading
to customize and print, offering cyber-criminals a straightforward path to
target and infect the PCs of holiday planning consumers," said Khetarpal.
This attack is similar to the previous alerts posted by security researchers
at SonicWall and Thirtyseven4 about Black
Friday and Cyber Monday scams, as well as holiday e-card scams from Sunbelt
Labs. Cyber-criminals are using popular search terms to try to cash in on user
interests. Hackers are looking to take advantage of that traffic, Fred
Touchette, a senior security analyst at AppRiver, told eWEEK.
Criminals create pages that are highly search engine optimized and spread
links as comments on various blogs and social networking sites, said Touchette.
Boosting those malicious pages' search engine rankings drive unsuspecting users
to those pages, he said. The technique is called SEO poisoning, tricking Google
and other search engines to treat these pages as legitimate sites.
Spammers and hackers often take advantage of current events, popular trends
and holidays such as Halloween
and Prince William's engagement to target users, according to Anup Ghosh,
Invincea's chief scientist.
CyberDefender researchers and other experts recommend making sure that the
operating system, browsers and security software are up-to-date. They also
suggest enabling secure browsing on the Web browser. When possible, they
suggest manually typing the link into the browser, and searching for deals
within the retailer's own site. CyberDefender also suggests using encrypted
search, such as Google SSL (https://www.google.com), instead of classic
Google (http://www.google.com).